Quick links to common tasks - Amazon Identity and Access Management
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Quick links to common tasks

Use the following links to get help with common tasks associated with IAM.

Sign in for different user types

Sign in to the IAM console by choosing IAM user and entering your Amazon Web Services account ID or account alias. On the next page, enter your IAM user name and your password.

To sign in with your IAM Identity Center user, use the sign-in URL that was sent to your email address when you created the IAM Identity Center user.

For help signing in using an IAM Identity Center user, see Signing in to the Amazon access portal in the Amazon Sign-In User Guide.

Sign in to the Amazon Web Services Management Console as the account owner by choosing Root user and entering your Amazon Web Services account email address. On the next page, enter your password.

See What is Amazon Sign-In in the Amazon Sign-In User Guide for help determining your user type and sign-in page.

Manage passwords for users

You need a password in order to access the Amazon Web Services Management Console, including access to billing information.

For your Amazon Web Services account root user, see Change the password for the Amazon Web Services account root user in the Amazon Account Management Reference Guide

For an IAM user, see Managing passwords for IAM users.

Manage permissions for users

You use policies to grant permissions to the IAM users in your Amazon Web Services account. IAM users have no permissions when they are created, so you must add permissions to allow them to use Amazon resources.

To provide access, add permissions to your users, groups, or roles:

For more information, see Managing IAM policies.

List the users in your Amazon Web Services account and get information about their credentials

See Getting credential reports for your Amazon Web Services account.

Add multi-factor authentication (MFA)

To add a virtual MFA device, see one of the following:

To add a FIDO security key, see one of the following:

To add a hardware MFA device, see one of the following:

Get an access key

You can use an access key to make Amazon requests using the Amazon SDKs, the Amazon Command Line Tools, or the API operations.

Important

As a best practice, use temporary security credentials (such as IAM roles) instead of creating long-term credentials like access keys. Before creating access keys, review the alternatives to long-term access keys.

For guidance to help you protect your access keys, see Securing access keys.

To learn about managing access keys for an IAM user, see Managing access keys for IAM users.

For more information about the security credentials available for your Amazon Web Services account, see Amazon security credentials.

Tag IAM resources

You can tag the following IAM resources:

  • IAM users

  • IAM roles

  • Customer managed policies

  • Identity providers

  • Server certificates

  • Virtual MFA devices

To learn about tags in IAM, see Tagging IAM resources.

To learn about using tags to control access to Amazon resources, see Controlling access to Amazon resources using tags.

View the actions, resources, and condition keys for all services

This set of reference documentation can help you write detailed IAM policies. Each Amazon service defines the actions, resources, and condition context keys that you use in IAM policies. To learn more, see Actions, Resources, and Condition Keys for Amazon Services.

Get started with all of Amazon

This set of documentation deals primarily with the IAM service. To learn about getting started with Amazon and using multiple services to solve a problem such as building and launching your first project, see the Getting Started Resource Center.